Stefano Di Paola

Speakers Name: Stefano Di Paola

Speakers Title: Head of Research and Development Lab

Speakers Company: Minded Security

Title of Presentation: “JS Deobfuscation with JStillery”

JStillery is a hybrid static/dynamic analysis tool for deobfuscating highly obfuscated JavaScript code. It uses several cutting edge techniques to be able to deobfuscate several well known obfuscators and, due to its genericity, also custom obfuscated code. It can be used to improve reverse engineering, categorization, analysis and reduction of JavaScript code. JStillery was a private tool of our arsenal, and we are going to release it for the first time as open source project at BSide Roma.

Speaker Bio: Stefano Di Paola is the CTO and cofounder of Minded Security, where he is Head of Research and Development Lab. In the past years Stefano presented several cutting edge research topics, such as DOM based XSS runtime taint analysis methodology and tool, Expression Language Injection, HTTP Parameter Pollution, ActionScript Security that led him to be in the famous Jeremiah Grossman’s “Top Ten Web Hacking Techniques” initiative for 5 consecutive years. He also published several security advisories and open source security tools and contributed to the OWASP testing guide. Stefano is Research & Development Director of OWASP Italian Chapter.